Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2016-12-17 CVE-2016-9160 7PK - Security Features vulnerability in Siemens Simatic PCS 7 and Simatic Wincc
A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions.
network
low complexity
siemens CWE-254
8.1
2016-12-17 CVE-2016-9158 Improper Input Validation vulnerability in Siemens products
A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl.
network
low complexity
siemens CWE-20
7.5
2016-12-17 CVE-2016-7454 Cross-Site Request Forgery (CSRF) vulnerability in Technicolor Xfinity Gateway Router Dpc3941T Firmware Dpc3941P2018V303R20421733160413Acmcst
CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T) devices with firmware dpc3941-P20-18-v303r20421733-160413a-CMCST allows an attacker to change the Wi-Fi password, open the remote management interface, or reset the router.
low complexity
technicolor CWE-352
8.0
2016-12-16 CVE-2016-8825 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.
local
low complexity
nvidia CWE-119
7.8
2016-12-16 CVE-2016-8824 Improper Access Control vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where improper access controls allow a regular user to write a part of the registry intended for privileged users only, leading to escalation of privileges.
local
low complexity
nvidia CWE-284
7.8
2016-12-16 CVE-2016-8823 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where the size of an input buffer is not validated leading to a denial of service or possible escalation of privileges
local
low complexity
nvidia CWE-119
7.8
2016-12-16 CVE-2016-8822 Improper Input Validation vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000E, 0x600000F, and 0x6000010 where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.
local
low complexity
nvidia CWE-20
7.8
2016-12-16 CVE-2016-8821 Improper Access Control vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where improper access controls may allow a user to access arbitrary physical memory, leading to an escalation of privileges.
local
low complexity
nvidia CWE-284
7.8
2016-12-16 CVE-2016-8819 Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a handle to a kernel object may be returned to the user, leading to possible denial of service or escalation of privileges.
local
low complexity
nvidia CWE-775
7.8
2016-12-16 CVE-2016-8818 Improper Input Validation vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a pointer passed from a user to the driver is used without validation, leading to denial of service or potential escalation of privileges.
local
low complexity
nvidia CWE-20
7.8